CheckPoint, to trigger the vulnerability the malicious DNS server and the victim’s Windows servers need to communicate using SIG or RRSIG records. Both have the same structure.
Microsoft uses the same SigWireRead function to parse both record types, which inspired the vulnerability's SIGRed alias. No public exploits have surfaced yet, although recent blog posts describing a full exploitation scenario have been published.
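The shared SIG/RRSIG record layout mentioned above, shown as an added example (not code from the original post or from Microsoft): a bounds-checked parser that handles both record types on one code path, using the RDATA field order from RFC 4034. The function names and the sample record are constructed for illustration, and compressed signer names are rejected as a simplification.

```python
import struct

SIG, RRSIG = 24, 46                      # RR type codes
FIXED = struct.Struct("!HBBIIIH")        # the 18 fixed bytes before the signer's name

def read_name(buf, off):
    """Read an uncompressed domain name, returning (name, next_offset)."""
    labels, start = [], off
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of RDATA")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n > 63:   # simplification of this example: compression pointers are rejected
            raise ValueError("compressed or invalid label")
        if off + n > len(buf) or off + n - start > 254:
            raise ValueError("label overruns RDATA or name exceeds 255 bytes")
        labels.append(buf[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels) + ".", off

def parse_sig_rdata(rrtype, rdata):
    """Parse SIG or RRSIG RDATA; one code path serves both types."""
    if rrtype not in (SIG, RRSIG):
        raise ValueError("not a SIG/RRSIG record")
    if len(rdata) < FIXED.size:
        raise ValueError("RDATA shorter than fixed fields")
    covered, alg, nlabels, ottl, expire, incept, tag = FIXED.unpack_from(rdata)
    signer, off = read_name(rdata, FIXED.size)
    if off == len(rdata):
        raise ValueError("missing signature")
    return {"type_covered": covered, "algorithm": alg, "labels": nlabels,
            "original_ttl": ottl, "expiration": expire, "inception": incept,
            "key_tag": tag, "signer": signer, "signature": rdata[off:]}

def sample_rdata():
    """Constructed sample, not captured traffic."""
    return (FIXED.pack(1, 8, 2, 3600, 1600000000, 1597000000, 12345)
            + b"\x07example\x03com\x00" + b"\xaa" * 64)

if __name__ == "__main__":
    rec = parse_sig_rdata(RRSIG, sample_rdata())
    print(rec["signer"], len(rec["signature"]))
```

Every length is checked against the end of the RDATA buffer before any bytes are read, so truncated or malformed records raise an error instead of being parsed.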
A critical remote code execution vulnerability in F5's BIG-IP product was disclosed and assigned CVE-2020-5902. This vulnerability affects the configuration utility available through the BIG-IP management port. Exploitation requires network connectivity to the F5 BIG-IP port. It allows unauthenticated attackers to execute arbitrary system commands, create or delete files, disable services, and run arbitrary Java code to compromise the system.
Shortly after the security advisories were published, active exploits were recorded during opportunistic mass scanning for vulnerable devices.
Mozilla patched CVE-2020-12405 in the Firefox browser at the beginning of June. The disclosure revealed a race condition affecting the SharedWorker component which could result in a use-after-free vulnerability. Successful exploitation can lead to remote code execution. There are currently no reports of abuse of this vulnerability.
The Bluetooth SIG organization disclosed CVE-2020-15802 in September. The disclosure included guidance on how device vendors can mitigate a new attack on Bluetooth-capable devices. The vulnerability, named BLURtooth (or the BLUR attack), exploits a lack of cross-transport key validation, which allows an attacker to bypass Bluetooth Classic and Bluetooth Low Energy (BLE) security mechanisms.
Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with a link key. It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. An attacker could then gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).
This vulnerability potentially exposes billions of devices that use the affected versions. Currently, there are no patches released to mitigate this attack.
Vulnerabilities and exploits are a continuous threat. At Avira’s Vulnerability Detection lab, we continuously monitor exploitation activities and analyze the latest vulnerabilities in order to provide our customers with the best protection and detection capabilities.